CORS issue with accessing portal secure services

01-16-2019 12:53 PM
New Contributor III

I have a web map in portal with a feature layer which points to an external secure service. When I was adding it to WAB (developer), it threw me the following CORS erorr. Our portal is IWA and our WAB(developer) is running as a service. The same issue happens when i deployed the app on our app server which is different from portal machine. There are no issues for adding web maps without any secured services. I have compared the request and response headers for the two calls (one with secured service and one without secured service). The only difference is that cookies and token were sent along with the request with secured service. I assume the reason was that 'withCredentials' attribute was set to true for that case. But how to set it to false or bypass or just remove it from the request? Is there a way to acccess portal items with secure services out of the portal machine?

0 Kudos
1 Reply
Occasional Contributor


Possible solutions would be:

1) Try to run WAB-dev on chrome.

2) Install CORS extension for chrome - I will not recommend this but just to verify.

3) Allow portal to access non secured request.

4) Install Portal on secured environment. Configure WAB-dev to run on https locally.see this thread



0 Kudos